add scanning

Author: shahidhk

.github/workflows/ndc-nodejs-lambda-connector.yaml

@@ -131,6 +131,31 @@ jobs:
           labels: ${{ steps.docker-metadata.outputs.labels }}
           push: true
 
+  security-scan:
+    name: Security vulnerability scan
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Run Trivy vulnerability scanner
+        uses: aquasecurity/trivy-action@0.32.0
+        with:
+          scan-type: fs
+          format: json
+          output: trivy-results.json
+          severity: CRITICAL,HIGH
+          exit-code: 1
+
+      - name: Upload to Security Agent
+        if: always()
+        uses: hasura/security-agent-tools/upload-file@main
+        with:
+          file_path: trivy-results.json
+          security_agent_api_key: ${{ secrets.SECURITY_AGENT_API_KEY }}
+          tags: |
+            service=ndc-nodejs-lambda
+            scanner=trivy
+
   release-connector:
     name: Release connector
     defaults: